
A security firm says North Korean hackers created a bogus crypto exchange that infected users’ internet-connected devices with malware, allowing them to access sensitive networks so they could steal cryptoassets.
The claims were made by the security provider Volexity and supported by the likes of Malwarebytes.
In a blog post, Volexity claimed that the notorious Lazarus hacking group – based in Pyongyang – masterminded the plan. It said that Lazarus launched the fake exchange in June this year.
The purported crypto trading platform, named Blockholder, promotes its operations as:
“Use our trusted crypto trading bots to automate crypto trading strategies on over 20+ exchanges with our privacy focused on-premises trade automation solutions.”
But Volexity claimed that Blockholder was a clone of the authentic trading platform HaasOnline. It presented examples of nearly identical webpages and word-for-word-identical text from the two sites as evidence.
How does the Trojan work?
Volexity claimed that Blockholder prompts users to accept a Microsoft installer file that has been modified to include a variant of the AppleJeus Trojan.
Security experts say that AppleJeus, which was first identified by Kaspersky Labs in 2018, collects information about the systems it infects. It is able to collect details on computer addresses, computer names and OS versions. This initial access step allows hackers to later steal cryptocurrency.
Cryptonews.com found that virus-blocking software such as McAfee, Avast and South Korea’s Ahn Labs all flagged the website as “Trojan-infected” or “risky”.

Volexity said it has “identified several other cryptocurrency-themed Microsoft installer files associated with this campaign.”
The authors of the report warned:
“The Lazarus Group continues its efforts to target cryptocurrency users, despite the continued focus on its campaigns and strategy.”
Volexity said it “has not previously noted the use of Microsoft Office documents to deploy AppleJeus variants” — which may represent a “change” in strategy from Lazarus.
South Korea’s SBS noted that Lazarus reportedly reports to the Pyongyang-run Reconnaissance General Bureau. The bureau is believed to be the North Korean intelligence agency charged with conducting the country’s covert operations.
Last month, a leading academic asked Seoul to do more to prevent the North from attacking crypto targets south of the DMZ.